Peter M. Abraham wrote: > Greetings: > > The server in question is CentOS 4, and rkhunter and chkrootkit do not > report any issues. > > Thank you. > > Have you tried to do a nmap scan of the system from another workstation? nmap should show you what open ports and then you can try to identify if there is anything that should not be open.
We've been running OSSEC for about a year on a number of CentOS 3/4/5 with never seen any errors about hidden ports. We run it on dns, mail, web, sql servers. SW
